Airline hits GDPR turbulence

Another aviation giant will be under the watchful eye of the Information Commissioner’s Office (ICO) after it was discovered that the details of over 9 million passengers had been hacked.

Cathay Pacific, a Hong Kong airline, admitted that information including passports, email addresses and expired credit card details were amongst the stolen data.

The news comes after a string of other aviation industry heavyweights also reported data breaches. Last month, British Airways reported that hackers had stolen data relating to around 380,000 transactions and Heathrow Airport was recently fined £120,000 by ICO for failing to ensure adequate security for personal data held on its network.

Whilst the fine against Heathrow Airport was imposed under the old Data Protection Act 1998, British Airways and Cathay Pacific can expect to be sanctioned under the new Data Protection Act 2018. Could we be about to see the first fine which exceeds the previous limit of £500,000?

If you would like to speak to our data protection team, please email dataprivacy@bpe.co.uk

These notes have been prepared for the purpose of an article only. They should not be regarded as a substitute for taking legal advice.